Linux's Tell-Tale Heart, Part 6

Hello, everyone. Nice to see your smiling
faces back here on the corner, the SysAdmin's Corner, that is. This
week, we're going to wrap up the "Tell-Tale Heart" series with
something so cool, you may never look at your Linux system in the
same way. You might not know it, but there is a
phantom living on your computer: a filesystem
with lots of directories and files, much like any other filesystem,
except that this one isn't really there at all. In fact, it
disappears every time you shut down, and is rebuilt every time you
reboot.

While I was writing this article, I realized I was having
almost too much fun. Some things in life are so cool that you just
want to keep fiddling with them. In the last few articles, I've
been comparing your Linux system logs to a kind of digital diary
kept by your system. If logs are a peek at your system's private
diaries, then the /proc filesystem (or
pseudo-filesystem, since it doesn't really
exist) is a means of looking into the very
soul of your system.

Okay, I've said it twice now. How can the mysterious
/proc filesystem not really exist? If I do an
ls -l on the root directory,
I get a directory of size zero. Try it out yourself.

For an empty directory, there's quite a bit here. Let's start
with some easy stuff.

Oops. Before I move on, let me offer a word of
WARNING!!! <begin weasel
words> Unless you know exactly what you are doing, do
not go changing the contents of your /proc filesystem.
There are some pretty neat things you can do with several of the
entries and you can tweak your actual running system by changing
various things here, but be warned. <end weasel words> Ahem,
where was I? Oh, yeah...

Easy stuff. Look at the file called "cpuinfo", for starters.
Another zero-size file. Now, cat
the file and have a look at the results. This is what mine
shows:

Similarly, doing a cat on
the meminfo file will give you current stats
about your memory, both physical and swap. Looking into
/proc/scsi will reveal your SCSI assignments,
while a look at the sound file will show you
your sound card configuration. A
cat of your
/proc/partitions file will display your disk
partition information, and "version" is your running kernel and how
it was compiled. Keep looking. There's a lot here, and it's balls
of fun.

By now, you may have noticed I did not tell you the whole
truth. When you did an ls -l
on /proc, you actually found two non-zero-size
files. One of them is called "kcore" and it can be a fairly good
size for something that takes up no space. If you really want to
look into the heart of your Linux system, listen closely; you can
almost hear it beating when you look here. This is a "mirror" of
sorts for your kernel. Perhaps the lens of a microscope would be a
better analogy. Notice how the file takes up about as much space as
you have physical memory. That is no coincidence.
kcore is your system's memory - its RAM, if you
prefer. In fact, it is everything currently in RAM, and as such, it
is a dynamic beast. The same can be said for much of what you see
in /proc. Looking at "meminfo" from one minute
to the next will yield a different set of numbers as the demands of
real memory vs swap are handled.

The other "big" file (though much smaller) is something
called "self", and if you do an
ls -l on
/proc, you'll notice that self is actually a
pointer to a number. Here's what I get when I do that ls
-l right now:

lr>wxrwxrwx 1 root root 64 Aug 16 13:28 self -> 2183

The reason I asked you to ls -l the whole
/proc directory rather than just "self" is this:
I wanted you to see that the number (in my case,
2183) is also a directory under the
/proc directory. Now, do another ls
-l. It's gone, isn't it?

What about all those numbers? What are they for? Each one
seems to be a directory. What will you find there? Do this: try a
ps ax to get a list of the running
processes on your system. Even better, do it this way:

ps ax | cut -c1-5

That will get you just the process numbers without the long
display. Now, compare that list to the numbers sitting in
/proc. Look familiar? Every process currently
running on your system has an analog sitting in the
/proc filesystem. Let's have a look at what we
can discover hidden in there. Just for fun, let's take one of the
processes on my system. For this little exploring about, I am using
a terminal emulator called Eterm.
If you don't have it, get it from
http://www.eterm.org.
You'll thank me later. Sure, it's eye candy, but a little bit of
eye candy isn't all bad, right? (There I go, wandering off again.
Sorry.)

The process ID for one of my Eterm sessions is 834 (the
result of ps ax | grep Eterm). If I
cd to /proc/834
and do an ls -l, this is what I see:

Once again, a number of these can be viewed with
cat or
more or
less. The
cmdline file shows the command that executed
Eterm, while environ displays the environment
variables at work here. Check out maps for a
list of all the libraries at work with the current executable. Look
inside that fd directory, and see
if you can figure out what those numbers represent.

Sure, there are system commands that do a fine job of showing
what is happening in /proc. The command
top, for instance, is just such a
snapshot for your processes. Files such as
meminfo and pci can be
graphically unwound with the help of KDE's
kcontrol program. Just check out
the Information tab. If you look
long and hard enough, you will likely find a tool to display all
this stuff in a nice, graphical format. In some ways, that's part
of the reasoning behind the /proc filesystem: to
give programmers/administrators/etc. an easier means of accessing
core system information and modifying a running kernel. Get the
tools later. Look around now. It's a kind of techno adventure,
where the prize is a deeper understanding of what happens under
your system's "hood". Yes, Bobby, that's the same hood that's not
welded shut.

Did I just say modifying a running
kernel? Hmmm... that sounds like a good place to stop and get you
ready for something brand-new when next we meet here at the
SysAdmin's Corner. (Ain't I a stinker?) Until next time, always
remember: your Linux system is talking to you. Are you
listening?

Geek Guides

Pick up any e-commerce web or mobile app today, and you’ll be holding a mashup of interconnected applications and services from a variety of different providers. For instance, when you connect to Amazon’s e-commerce app, cookies, tags and pixels that are monitored by solutions like Exact Target, BazaarVoice, Bing, Shopzilla, Liveramp and Google Tag Manager track every action you take. You’re presented with special offers and coupons based on your viewing and buying patterns. If you find something you want for your birthday, a third party manages your wish list, which you can share through multiple social- media outlets or email to a friend. When you select something to buy, you find yourself presented with similar items as kind suggestions. And when you finally check out, you’re offered the ability to pay with promo codes, gifts cards, PayPal or a variety of credit cards.